One Password Manager To Rule Them All: LastPass, Part 3

• Tweet

This is the third entry in a multi-part series on LastPass. Part 1 Part 2

It’s time for the good stuff. What’s the point of being introduced to a great product, if you’re not sure how to take advantage of it? As I’ve commented before, LastPass is an amazing tool that is jam-packed with useful features. Although it is nice to have choices, many may find the numerous options overwhelming.

Therefore, the purpose of this post is to show you the minimum steps you’ll need to take in order to start living a more secure digital lifestyle with LastPass.

Installation

Your first step will be to install a LastPass extension. These extensions run on all platforms (i.e., Windows, Mac, Linux) and are compatible with most major web browsers (mobile LastPass apps will be covered in a future post in the series). After visiting the Download page, the site will detect which operating system and web browser you are using, and make a recommendation for which extension you should install.

For most users, this will be the LastPass Universal Windows Installer. Once you download and run either the 32-bit or 64-bit executable file, LastPass extensions will be installed for all compatible web browsers present on your system. This is fine, but if you want more control, you can manually select your OS, and scroll down to find the appropriate extension for your web browser.

When you have the option to install a LastPass extension that also includes “(Plus Binary Features),” choose that one, as it will include advanced Preferences options I will be discussing, shortly.

The LastPass Universal Windows Installer is convenient, and will:

• Walk you through installation options
• Give you the opportunity to create a LastPass account
• Enable you to import passwords from your browser’s built-in password management system
• Define the startup and shutdown behavior of LastPass.

If you are not utilizing the Universal Windows Installer, you can create an account when you first start LastPass after installation, and can configure its behavior through the Preferences option.

The Master Password

Important: When creating your LastPass account, you will need to set your Master Password. This is the critical key that will be used to encrypt/decrypt your password database, so it is crucial that it is strong. Make sure that it is at least 10 characters long, and consists of both upper- and lower-case letters, numbers and special characters.

Also, DO NOT FORGET YOUR MASTER PASSWORD. You are the sole party that has access to this value. As previously stated, even LastPass does not know your master password. You can set a reminder to help jog your memory, but really, this should be something you can recall at will. After all, this is going to be the last password you’ll have to remember.

In order to avoid dictionary words or intelligible phrases when constructing your master password, try this trick. Think of a phrase from one of your favorite TV shows, books or movies, something that really stuck with you upon first exposure, e.g., “It Can’t Rain All The Time.” Now, use the first (or last) letter from each word in the phrase as the letters for your password, e.g., icratt. Then, capitalize one (or more) of these letters, and throw in a number(s) and special character(s), and you have a complicated, but memorable password (e.g., iC@#ra45tt).

Logging In

The best way I can think of describing LastPass is as a login for your web browser. No matter where you are or which computer you are using, if LastPass is installed, you can login and have access to all your sensitive information.

Before we get into the basics of using LastPass, I need to state that in my experience with the product, it works, as advertised, with the overwhelming majority of the sites I visit. This means that some of the time, it doesn’t, usually due to a developer not adhering to standards when creating their web page.

This can manifest itself in several ways, e.g., you won’t be automatically prompted to save login credentials during new account creation, your login information will not be automatically placed in the appropriate text boxes when logging in, etc. This is, at worst, a minor inconvenience, as all of these functions can be manually circumvented with minimal fuss.

Setting Preferences

Since you are going to be using LastPass to store sensitive information, you’ll want to make sure that your Preferences are configured for optimal security. To do this, click on the LastPass Tool Button and select Preferences. I recommend the following settings:

• Check off Automatically Logoff when all browsers are closed and Chrome has been closed for (mins) and enter a value of 0 (the wording for this option will differ depending on the web browser you are using)
• Automatically Logoff after idle (mins) and enter a value of 15 (or whatever time frame you prefer)

These settings will ensure that access to your LastPass data is precluded by the closing of your web browser and a period of inactivity, a safe measure to take in case you are in an environment where other people might have access to your computer.

Life With LastPass

Using LastPass is a mostly transparent effort in that you will not need to greatly modify your behaviors in order to browse securely. For example, when you go to login to a site after you have installed the product, you will automatically be prompted to determine if you’d like LastPass to save your credentials.

To agree, select Save Site, enter a Name and, if desired, a Group, and click Save Site once again. Now, the next time you return to this site after you have logged out, you will see a LastPass icon in the login credential fields, signifying that LastPass has automatically filled the fields with your saved information. At this point, you can either select the AutoLogin button from the LastPass notification bar or click the normal login button the site provides.

Let’s see how this works:

If you encounter a site that does not seem to function with LastPass, and you need the app to save information you entered manually, simply click on the LastPass Tool Button and select Save All Entered Data. The video below provides a demonstration:

The Vault

If, at anytime, you want to view or edit your login information, you can go to your LastPass Vault. To access the Vault, click on the LastPass Tool Button, and select My LastPass Vault. You can scroll down to find the entry you desire or type a query in the search box.

Once you find the correct entry, click Edit. This will bring up a tab with all the form field information LastPass has saved for this particular site. To see your password, select Show next to the Password box.

If you want to access the specific LastPass entry for the site you are currently on, click the LastPass Tool Button and look towards the bottom of the drop-down menu.

Click on the appropriate entry and select Edit to view the LastPass Vault entry for that site.

Changing Passwords

If you are new to LastPass, you most likely have login credentials that contain weak passwords, so your first order of business after setting up LastPass should be to convert these insecure, but memorable passwords into strong, secure ones.

To do this, you will need to go to the account settings of each site whose password you need to change, and navigate to the appropriate section. Most sites have you enter the old password, followed by a new password two times. When properly functioning, LastPass would detect you are on a change password page and automatically offer to fill in the old password and generate/fill the new, secure password into the appropriate fields, as shown below.

In my experience, this functionality is unreliable and can result in much frustration for a new user. If LastPass has a conspicuous weakness, updating old passwords is it.

So, for the purposes of this tutorial, I will demonstrate how to change your old passwords manually. It is inconvenient, but you do not have to do it often, and once LastPass is up and running, you will see that it is worth the effort.

In order to make this process as painless as possible, first login to each site that requires a password change and let LastPass add your credentials to the LastPass Vault.

Next, navigate to the change password page for the site in question. From this point onward, you should ignore LastPass prompts and start doing things manually.

First, obtain your current password for the site, either by accessing your LastPass Vault or by copying it from the LastPass Tool Button drop-down menu, and paste it into the Old Password field on the site’s page.

Next, you need to generate a new, secure password. Click on the LastPass Tool Button and select Tools | Generate Secure Password.

In the window that pops up, check off Show Advanced Options.

Here, you can set the parameters for the secure passwords you are going to generate with LastPass. Caveat: Not all sites will allow you to use complicated, long passwords with special characters, so you may have to manipulate these settings to accomodate a site’s password policy.

In order to follow the recommendations laid out in Part 1 of this series, make sure you check off the boxes for:

• Upper- and lower-case letters
• Numbers
• Special characters

Be sure to set the Password Length to 10.

Now, click Generate to see the resultant password, along with a bar underneath that gives you a visual representation of the password strength (i.e., the longer the bar, the stronger the password). You can keep clicking Generate until you find a password that is acceptable.

Next, highlight the password and copy it. Then, paste the password into the new password boxes on the site’s page and complete whatever other requirements are necessary for you to change your password with the site.

At this point, your password has been changed, but LastPass has not updated the site’s entry in your Vault. So, once again, you need to go to the LastPass Vault, find the correct entry and manually update the password field. Make sure to:

• Show the old password
• Paste in the new, secure password you copied
• Click Save

Verify

When changing passwords with LastPass, it’s always a good idea to verify that you performed these steps correctly by logging out of and back in to the relevant site. If you accidentally copied the wrong password, you can always see a list of recently generated passwords by clicking on the LastPass Tool Button and looking at the bottom of the popup window, or by going to your LastPass Vault and running a search for generated.

Take A Deep Breath

As I said, the one glaring weakness of LastPass that I consistently find is how it handles changing passwords for existing accounts. Since this is something you will not often encounter after the initial setup phase, and because LastPass automatically handles new account creation and password generation with aplomb, I still believe that the minor inconvenience of this deficiency is far outweighed by the benefits of using a security solution such as LastPass.

Form Filling

Another aspect of web browsing that is ripe for secure automation is form filling, a monotonous, but necessary task for day-to-day browsing. Fortunately, this is something that LastPass excels at. To start using this feature, you need to establish a Profile.

Click on the LastPass Tool Button and select Fill Forms | Add Profile. In the popup window that follows, name the profile and enter in the types of information you want associated with that identity. Available tabs include Personal, Address, Contact, Credit card, Bank account, Custom fields and Notes.

If you want to add credit card information independent of a profile, click on the LastPass Tool Button and select Fill Forms | Add Credit Card.

Secure Notes

The final feature of LastPass that a basic user should be familiar with is Secure Notes. If you are looking for a way to securely store and readily access information other than passwords, Secure Notes is an attractive solution.

There are two ways to create Secure Notes with LastPass. If you want to store information that is associated with an existing LastPass Vault entry, simply navigate to the desired entry and add your information to the Notes field.

If you want to have a Secure Note that is independent of any entries in your Vault, click on the LastPass Tool Button and select Secure Notes | Add Secure Note. Now, give it a Name, assign it to a Group (if desired) and select the Note Type. When you’re done, click Save. To access these entries in the future, just navigate back to Secure Notes through the LastPass icon.

LastPass Neophyte No More

You now have the fundamental knowledge to integrate LastPass into your digital lifestyle. You know how to install the app, create a new account, login, add new entries to your Vault, modify those entries, update your old passwords (sigh), create and utilize Profiles, and take advantage of Secure Notes. Even though this may seem like a lot, there are still many useful features that this app has to offer.

The next post in the series will cover some of the more advanced features of LastPass.